CVE-2007-0104
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3.0.1 parche 2, (b) kpdf en KDE anterior a versión 3.5.5, (c) poppler anterior a versión 0.5.4, y otros productos, permite a los atacantes remotos tener un impacto desconocido, posiblemente incluyendo la denegación de servicio (bucle infinito), ejecución de código arbitraria, o corrupción de memoria , por medio de un archivo PDF con un (1) diccionario de catálogo creado o (2) un atributo Pages creado que hace referencia a un nodo de árbol de páginas no válido.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-01-08 CVE Reserved
- 2007-01-09 CVE Published
- 2023-12-20 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (34)
| URL | Tag | Source |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=305214 | X_refsource_confirm | |
| http://projects.info-pull.com/moab/MOAB-06-01-2007.html | X_refsource_misc | |
| http://secunia.com/advisories/23791 | Third Party Advisory | |
| http://securitytracker.com/id?1017514 | Vdb Entry | |
| http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html | X_refsource_confirm | |
| http://www.kde.org/info/security/advisory-20070115-1.txt | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/457055/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1017749 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-072A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31364 | Vdb Entry | |
| https://issues.rpath.com/browse/RPL-964 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/21910 | 2024-08-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0 Search vendor "Xpdf" for product "Xpdf" and version "3.0" | - |
Affected
| ||||||
| Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0.1 Search vendor "Xpdf" for product "Xpdf" and version "3.0.1" | - |
Affected
| ||||||
| Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0.1_pl1 Search vendor "Xpdf" for product "Xpdf" and version "3.0.1_pl1" | - |
Affected
| ||||||
| Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0.1_pl2 Search vendor "Xpdf" for product "Xpdf" and version "3.0.1_pl2" | - |
Affected
| ||||||
| Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0_pl2 Search vendor "Xpdf" for product "Xpdf" and version "3.0_pl2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.2 Search vendor "Kde" for product "Kde" and version "3.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.2.1 Search vendor "Kde" for product "Kde" and version "3.2.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.2.2 Search vendor "Kde" for product "Kde" and version "3.2.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.2.3 Search vendor "Kde" for product "Kde" and version "3.2.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3 Search vendor "Kde" for product "Kde" and version "3.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3.1 Search vendor "Kde" for product "Kde" and version "3.3.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.3.2 Search vendor "Kde" for product "Kde" and version "3.3.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4 Search vendor "Kde" for product "Kde" and version "3.4" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.1 Search vendor "Kde" for product "Kde" and version "3.4.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.2 Search vendor "Kde" for product "Kde" and version "3.4.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.4.3 Search vendor "Kde" for product "Kde" and version "3.4.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Search vendor "Kde" for product "Kde" | 3.5 Search vendor "Kde" for product "Kde" and version "3.5" | - |
Affected
| ||||||